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(57) An electronic information management system 
(10), an IC card, a terminal apparatus and an electronic 
information management method, and a recording me- 
dium on which is recorded an electronic information 
management program, which displays a plurality of im- 
ages simultaneously or hierarchically to thereby carry- 
out authorization of access to electronic information 
based on an image password which is easily remem- 
bered and difficult to appropriate. 
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Description 

[0001] The present invention relates to electronic information management techniques where authorization of access 
to electronic information is carried out based on an input password. In particular the invention relates to techniques 
s using passwords by specifying images (to be referred to image passwords hereinbelow) which are easy to remember 
and difficult to appropriate. 

[0002] Heretofore, various data processing systems (referred to hereunderas "systems") aimed at providing a service 
only to a user who has previously registered, use a password for approving system use. Desirably the user of the 
various systems uses a different password for each system being used. However, in present times where several 

10 passwords must be used, it becomes difficult to memorize all of the passwords. Therefore, it is common for the user 
to use a standardized password for all of the systems, or to use a password involving familiar data such as date of birth. 
[0003] With a password involving user date of birth or the like however, since this is based on data familiar to the 
user, there is the likelihood that an ill-willed third party can easily appropriate this. Therefore, with the object of making 
it difficult to appropriate a password, a technique has been considered where the position of a single displayed image 

is js specified, and system use is approved based on the specified position. 

[0004] However, with the technique for approving system use using a single image, if the displayed image is too 
simple, there is the possibility that the specified points will be the same. Moreover, in the case where a single image 
is used, since the characteristic of human memory is such that there is a tendency for the specified points to become 
few, there is the problem in that it is difficult to maintain strong security. 

20 [0005] The present invention takes into consideration the above problems with the conventional arrangement, and 
aims to provide a technique for using an image password which is easy to remember and difficult to appropriate, by 
displaying a plurality of images simultaneously or in a hierarchical structure. 

[0006] Moreover, an embodiment of the invention may include a recording medium on which is recorded the electronic 
information management program according to the present invention so that a person using such a recording medium 

2S can easily construct an electronic information management system. 

[0007] According to a first aspect of the invention an electronic information management system comprises: a code 
information reading device for reading code information stored in an IC card, an image display device for displaying a 
plurality of images corresponding to the code information read by the code information reading device, an image spec- 
ifying device for specifying specific parts of the respective images displayed by the image display device, and an access 

30 authorization device for authorizing access to electronic information based on the specific parts of the respective images 
specified by the image specifying device. 

[0008] With such a construction, the plurality of images corresponding to the code information are displayed when 
the code information is read out from the IC card. Then, when the specific parts of the respective images displayed 
are specified, access is authorized to the electronic information, based on the specific parts of the respective images 
35 specified. After this, operations such as referencing and modification of the authorized electronic information are pos- 
sible. The IC card may be replaced by any other kind of memory medium capable of being read by the code information 
reading device. 

[0009] According to a second aspect of the invention, a memory medium comprises: a storing device for storing code 
information and a plurality of images corresponding to the code information, and an access authorization device for 
40 authorizing access to electronic information based on information specifying specific parts of the respective images. 
Preferably, the memory medium is an IC card. 

[0010] With such a construction, if there is provided a device incorporating functions for reading the code information 
and the plurality of images corresponding to the code information which have been stored in the IC card and displaying 
the images, and for specifying the specific parts of the respective images, access is authorized to the electronic infor- 
ms mation based on the specific parts of the respective images specified. After this, operations such as referencing and 
modification of the authorized electronic information are possible. 

[0011] According to a third aspect of the invention, a terminal apparatus comprises: an image storing device for 
storing a plurality of images corresponding to code information, an image display device for severally displaying the 
images stored by the image storing device, an image specifying device for specifying specific parts of the respective 

so Hisnl^yftri hy thft imanp Hi.ciplgy Hp>\/j«-p> and an access authorization device for authorizing sccsss tc electronic 

information based on the specific parts of the respective images specified by the image specifying device. 
[0012] With such a construction, when the code information is input, the plurality of images corresponding to the 
code information are displayed. Then, when the specific parts of the respective images displayed are specified, access 
is authorized to the electronic information based on the specific parts of the respective images specified. After this, 

55 operations such as referencing and modification of the authorized electronic information are possible. 

[0013] According to a fourth aspect of the invention, an electronic information management system comprises: an 
image storage device for storing a plurality of images, an image display device for severally displaying selectively the 
images stored in the image storage device, an image specifying device for severally specifying specific parts of the 
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respective images displayed by the image display device, a password generating device for generating a password 
based on the specific parts of the respective images specified by the image specifying device, and an access author- 
ization device for authorizing access to electronic information based on the password generated by the password 
generating device. 

5 [0014] With such a construction, the image stored in the image storage device is severally displayed selectively by 
the image display device. Then, when the specific parts of the respective images displayed are specified by means of 
the image specifying device, a password is generated by the password generating device based on the specific parts 
of the respective images specified. Once the password is generated, access is authorized to the electronic information 
by the access authorization device, based on the generated password. After this, operations such as referencing and 

10 modification of the authorized electronic information are possible. 

[001 5] At this time, according to the first to fourth aspects of the invention, if a plurality of specific parts for the plurality 
of images are specified, then the combinations for specifying the specific parts of the images become enormous. In 
particular, when a large number of images are displayed, this effect is remarkable. Accordingly, even if a third party 
attempting to appropriate the electronic information properly specifies the specific parts of the image, the possibility of 

is matching with the password of a user having proper authority is very low, and hence a strong security can be maintained. 
Furthermore, when the specific parts of the image are specified, if the specified sequence is set so as to have a story 
characteristic, the specified sequence can be grasped as an image. Consequently, compared to conventional pass- 
words using English letters and numerals, it is possible to have one which can be easily remembered and which is 
difficult to forget. 

20 [0016] Furthermore, the construction may be such that the image display device severally displays simultaneously 
the images. 

[0017] With such a construction, since the images are severally displayed simultaneously, then if the specific parts 
of the image are specified by scanning across the various images, the combinations specifying the specific parts of 
the image can be dramatically increased Therefore it is extremely difficult for a third party planning to appropriate the 

25 electronic information to arrive at the correct password, and hence the strength of the security can be further improved. 
[0018] Moreover, the construction may be such that the image display device displays the images in a hierarchical 
structure one after another, in accordance with the specific parts of the images specified by the image specifying device. 
[0019] With such a construction, since the images are displayed in a hierarchical structure one after another, in 
accordance with the specific parts of the specified images, then by deepening the hierarchical structure, the combina- 

30 tions specifying the specific parts of the image can be dramatically increased. Therefore it is extremely difficult for a 
third party planning to appropriate the electronic information to arrive at the correct password, and hence the strength 
of the security can be further improved. 

[0020] In addition, the construction may be such that the image specifying device specifies specific parts of the image 
displayed by the image display device by means of rectangular regions which are marked out at predetermined spacing. 
35 [0021] With such a construction, since the specific part of the image is specified by means of a rectangular region, 
then by specifying a point within the rectangular region, the rectangular region is specified. Consequently the operation 
of specifying a specific part of the image by the user of the electronic information management apparatus is facilitated, 
and erroneous operation where a mistaken specific part is specified can be reduced. 

[0022] Moreover, the construction may be such that the image specifying device specifies the specific parts of the 
40 image displayed by the image display device, by means of constituent elements constituting the image. 

[0023] Here, the "constituent element" is for example in the case where the image represents a building, a billboard, 
a window, a door or the like being a part constituting the building. 

[0024] With such a construction, since the specific part of the image is specified by way of the constituent element 
constituting the image, then even if the constituent element is a complicated shape, this can be easily specified. Con- 

45 sequently, the operation of specifying a specific part of the image by the user of the electronic information management 
apparatus is facilitated, and erroneous operation where a mistaken specific part is specified can be reduced. 
[0025] According to a fifth aspect of the invention, an electronic information management method comprises: a code 
information reading step for reading code information stored in a memory card, an image display step for displaying a 
plurality of images corresponding to the code information read by the code information reading step, an image specifying 

so step for specifying specific parts of the respective images displayed by the imans display step, and an access author- 
ization step for authorizing access to electronic information based on the specific parts of the respective images spec- 
ified by the image specifying step. 

[0026] With such a construction, the plurality of images corresponding to the code information are displayed when 
the code information is read out from the card. Then, when the specific parts of the respective images displayed are 
55 specified, access is authorized to the electronic information, based on the specific parts of the respective images 
specified. After this, operations such as referencing and modification of the authorized electronic information are pos- 
sible The memory card is preferably an I C card. 

[0027] According to a sixth aspect of the invention, an electronic information management method comprises: an 
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image display step for severally displaying selectively images from among a plurality of images, an image specifying 
step for specifying specific parts of the respective images displayed by the image display step, a password generating 
step for generating a password based on the specific parts of the respective images specified by the image specifying 
step, and an access authorization step for authorizing access to electronic information based on the password gener- 

5 ated by the password generating step. 

[0028] With such a construction, images are severally displayed selectively from among the plurality of images by 
the image display step. Then, when the specific parts of the respective images displayed are specified by means of 
the image specifying step, a password is generated by the password-generating step based on the specific parts of 
the respective images specified. Once the password is generated, access is authorized to the electronic information 

io by the access authorization step, based on the generated password. After this, operations such as referencing and 
modification of the authorized electronic information are possible. 

[0029] At this time, according to the fifth and sixth aspects of the invention, if a plurality of specific parts of the plurality 
of images are specified, -then the combinations for specifying the specific parts of the images become enormous. In 
particular, when a large number of images are displayed, this effect is remarkable. Accordingly, even if a third party 

15 attempting to appropriate the electronic information properly specifies the specific parts of the image, the possibility of 
matching with the password of a user having proper authority is very low, and hence a strong security can be maintained. 
Furthermore, when the specific parts of the image are specified, if the specified sequence is set so as to have a story 
characteristic, the specified sequence can be grasped as an image. Consequently, compared to conventional pass- 
words using English letters and numerals, it is possible to have one which can be easily remembered and which is 

20 difficult to forget. 

[0030] Furthermore, the construction may be such that the image display step severally displays simultaneously the 
images. 

[0031] With such a construction, since the images are severally displayed simultaneously, then if the specific parts 
of the image are specified by scanning across the various images, the combinations specifying the specific parts of 

25 the image can be dramatically increased. Therefore it is extremely difficult for a third party planning to appropriate the 
electronic information to arrive at the correct password, and hence the strength of the security can be further improved. 
[0032] Moreover, the construction may be such that the image display step displays the images in a hierarchical 
structure one after another, in accordance with the specific parts of the images specified by the image specifying step. 
[0033] With such a construction since the images are displayed in a hierarchical structure one after another, in ac- 

30 cordance with the specific parts of the specified images, then by deepening the hierarchical structure, the combinations 
specifying the specific parts of the image can be dramatically increased. Therefore it is extremely difficult for a third 
party planning to appropriate the electronic information to arrive at the correct password, and hence the strength of 
the security can be further improved. 

[0034] According to a seventh aspect of the invention, there is a recording medium on which is recorded an electronic 
35 information management program for realizing: a code information reading function for reading code information stored 
in a memory medium, an image display function for displaying a plurality of images corresponding to the code infor- 
mation read by the code information reading function, an image specifying function for specifying specific parts of the 
respective images displayed by the image display function, and an access authorization function for authorizing access 
to electronic information based on the specific parts of the respective images specified by the image specifying function. 
40 The program is envisaged for use with an IC card as the memory medium. 

[0035] Here the "recording medium" is one which can reliably record the electronic information, and if necessary one 
which can reliably output this. For example, a portable medium such as a magnetic tape, magnetic disc, magnetic 
drum, IC card, CD-ROM and the like. 

[0036] With such a construction, an electronic information management program for realizing a code information 
45 reading function, an image display function, an image specifying function, and an access authorization function is 
stored on the recording medium. Consequently, the electronic information management program according to the 
present invention can be distributed. Hence, a person using the recording medium on which the program is recorded 
can easily construct an electronic information management system. 

[0037] According to an eighth aspect of the invention, there is a recording medium on which is recorded an electronic 
so information management program for realizing: an image display function for severally displaying images selectively 
from among a plurality of images, an image specifying function for specifying specific parts of the respective images 
displayed by the image display function, a password generating function for generating a password based on the 
specific parts of the respective images specified by the image specifying function, and an access authorization function 
for authorizing access to electronic information based on the password generated by the password generating function. 
55 [0038] With such a construction, an electronic information management program for realizing an image display func- 
tion, an image specifying function, a password generating function, and an access authorization function is stored on 
the recording medium Consequently, the electronic information management program according to the present inven- 
tion can be distributed. Hence, a person using the recording medium on which the program is recorded can easily 
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construct an electronic information management system. 

[0039] Furthermore, the construction may be such that the image display function severally displays simultaneously 
the images. 

[0040] With such a construction, since the images are severally displayed simultaneously, then if the specific parts 
5 of the image are specified by scanning across the various images, the combinations specifying the specific parts of 
the image can be dramatically increased. Therefore it is extremely difficult for a third party planning to appropriate the 
electronic information to arrive at the correct password, and hence the strength of the security can be further improved. 
[0041] Moreover, the construction may be such that the image display function displays the images in a hierarchical 
structure one after another, in accordance with the specific parts of the images specified by the image specifying 
to function. 

[0042] With such a construction, since the images are displayed in a hierarchical structure one after another, in 
accordance with the specific parts of the specified images, then by deepening the hierarchical structure, the combina- 
tions specifying the specific parts of the image can be dramatically increased. Therefore it is extremely difficult for a 
third party planning to appropriate the electronic information to arrive at the correct password, and hence the strength 

is of the security can be further improved 

[0043] According to a ninth aspect of the invention, an electronic information management system comprises: an 
image display device for displaying a plurality of images of different attributes, an image specifying device for specifying 
specific parts of the respective images displayed by the image display device, and an access authorization device for 
authorizing access to electronic information based on the specific parts of the respective images specified by the image 

20 specifying device. J 
[0044] With such a construction, the plurality of images of different attributes are displayed by the image display 
device. Then, when the specific parts of the respective images displayed are specified by the image specifying device, 
access is authorized to the electronic information by the access authorization device based on the specific parts of the 
respective images specified. After this, operations such as referencing and modification of the authorized electronic 

2S information are possible. 

[0045] At this time, in a case that a plurality of specific parts of the plurality of images are specified, if the specified 
sequence is considered, then the combinations for specifying the specific parts of the images become enormous. In 
particular, when a large number of images are displayed, this effect is remarkable. Accordingly, even if a third party 
attempting to appropriate the electronic information properly specifies the specific parts of the image, the possibility of 

30 matching with the password of a user having proper authority is very low, and hence a strong security can be maintained. 
Furthermore, when the specific parts of the image are specified, if the specified sequence is set so as to have a story 
characteristic, the specified sequence can be grasped as an image. Consequently, compared to conventional pass- 
words using English letters and numerals, it is possible to have one which can be easily remembered and which is 
difficult to forget. 

?5 [0046] Furthermore, the construction may be such that the images of different attributes are constituted of an image 
indicating a thing and an image indicating a plurality of characters. 

[0047] With such a construction, since the images are constituted of-the image indicating a thing and the image 

indicating the plurality of characters, a screen construction becomes more complicated to a third party. 

[0048] Moreover, the construction may be such that the images of different attributes are constituted of an image 

*0 comprising a single image, and an image comprising a plurality of objects. 

[0049] With such a construction, since the images are constituted of the image comprising a single image, and the 
image comprising a plurality of objects, a screen construction becomes more complicated to a third party. 
[0050] According to a tenth aspect of the invention, there is a recording medium on which is recorded an electronic 
information management program having an image display function for displaying a plurality of images of different 

& attributes, an image specifying function for specifying specific parts of the respective images displayed by the image 
display function, and an access authorization function for authorizing access to electronic information based on the 
specific parts of the respective images specified by the image specifying function. 

[0051] With such a construction, an electronic information management program for realizing an image display func- 
tion, an image specifying function, and an access authorization function is stored on the recording medium. Conse- 
>o quently, the electronic information management program according to the present invention can be distributed. Hence, 
a peison using ihe recording medium on which the program is recorded can easily construct an electronic information 
management system. 

[0052] The expression 'severally display" above may refer to displaying images separately or one at a time. 
[0053] A detailed description of embodiments of the invention will now be given by way of example with reference 
*s to the accompanying drawings, in which: 

FIG. 1 is a block diagram showing an embodiment of an electronic information management system according to 
the present invention; 
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FIG. 2 is a flow chart for explaining initial registration processing; 
FIG. 3 is an explanatory diagram of a user environment setting screen; 
FIG. 4 is an explanatory diagram of an image setting screen; 
FIG. 5 is a diagram illustrating various examples of contents tools; 
FIG. 6 is an explanatory diagram of a mesh setting screen; 
FIG. 7 is an explanatory diagram of an image password setting screen; 

FIG. 8 is an explanatory diagram showing information to be registered in a data base by initial registration process- 
ing, FIG. 8 (A) being the registration contents of an encrypted information data base, and FIG. 8 (B) being the 
registration contents of a setting information data base; 
FIG. 9 is a flow chart for explaining image password use processing; 
FIG. 10 is an explanatory diagram of a user name input screen; 
FIG. 11 is an explanatory diagram of an image password input screen; 
FIG. 12 is an explanatory diagram showing an example of a transition image; 
FIG. 13 is a flow chart for explaining additional registration processing; 

FIG. 14 is an explanatory diagram of information to be registered in the encrypted information data base by the 
additional registration processing; 

FIG. 15 is a flow chart for explaining modification processing; 

FIG. 16 is a block diagram showing another embodiment of an electronic information management system accord- 
ing to the present invention; and 

FIG. 17 is a flow chart showing deposit processing of electronic money. 

[0054] FIG. 1 shows an embodiment of an electronic information management system according to the present 
invention. 

[0O55] The electronic information management system 10 comprises; a data base section 20, a processing function 
25 selection section 30, an initial registration processing section 40, an image password use processing section 70, an 
additional registration processing section 90, and a modification processing section 100. The electronic information 
management system 1 0 incorporates at least a central processing unit (CPU) and a memory in a computer for executing 
a program in the memory. 

[0056] The data base section 20 comprises an encrypted information data base 22, and a setting information data 
30 base 24. In the encrypted information data base 22 is registered for example information to be encrypted (to be de- 
scribed later), and information which has been encrypted (below, encrypted) information). In the setting information 
data base 24 is registered various setting information (to be described in detail later) which has been initially set in the 
initial registration processing section 40. 

[0057] The processing function selection section 30 selectively activates the initial registration processing section 
35 40, the image password use processing section 70, the additional registration processing section 90, or the modification 
processing section 1 00, in accordance with instructions from the user of the electronic information management system 
10 (abbreviated hereunder to user). 

[0058] The initial registration processing section 40 executes sequential processing (referred to hereunder as initial 
•jgistration processing) for carrying out an initial registration of a password according to image specification. The initial 
40 -j-gistration processing section 40 comprises; a user environment setting module 42, a background image setting 
module 44, a contents tool setting module 46, a mesh setting module 48, an image password setting module 50, an 
encrypt key creation module 52, an information to be encrypted input module 54, an encrypt module 56, an encrypted 
information registration module 58, and a setting information registration module 60. 

[0059] The user environment setting module 42 executes setting processing for the user environment of for example 
45 the name of the user (referred to hereunder as the user name), and the browser used by the user. The user name 
need not be the actual name of the user, and for example this may be set to a nickname familiar to the user, or to a 
name which a third party would not guess for the user. 

[0060] In the background image setting module 44 is executed the setting processing of the background image which 
becomes the setting object for the image password. The background image is selected by the user from various images 
so registered for example in an external storage unit (iman« storanfi cteyir.e' not -shown In the figure) of the electronic 
information management system 10. The background image may use an image registered in another electronic infor- 
mation management system 10 connected to the electronic information management system 10 via a network, or in 
an external storage unit such as a host. 

[0061] In the contents tool setting module 46 is executed setting processing of various images displayed together 
55 with the background image, or various images displayed instead of the background image (referred to hereunder as 
contents tools). The contents tool is selected by the user in the same way as the background image, from various 
images registered in the electronic information management system 10 or in the external storage unit of the other 
electronic information management system 10. With the contents tool, it is desirable that constituent elements inde- 
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20 



pendently from each other are constituted of such as button and object. 

[0062] The mesh setting module 48 carries out setting processing of the mesh to be displayed superimposed on the 
background image, that is to say a rectangular region marked out at predetermined spacing. By setting the mesh, when 
the user specifies a point within the rectangular region, the operation assigned to the rectangular region results, so 

s that reproducibility of the specifying is improved. 

[0063] The image password setting module 50 executes setting processing of the image password. That is to say, 
by pointing to the rectangular region superimposingly displayed on the background image using a pointing device such 
as a mouse or touch panel, the specification of the specific part of the background image is carried out. Moreover, 
when the contents tool itself or a constituent element of the contents tool, for example, an image of an electric train is 

to displayed, then by pointing to the door, window etc. of the electric train, the specific part of the contents tool is specified. 
Moreover, the image password is set by registering the specific parts and specified sequence of the specified images. 
[0064] The encrypt key creation module 52 executes encrypt key creation processing. The encrypt key is computed 
by substituting a set image password in a predetermined encrypt key creation formula, as a variable. 
[0065] The information to be encrypted input module 54 executes input processing of the information to be encrypted 

is which the user intends to encrypt. The information to be encrypted is for example a user access code which is registered 
on an IC card, and which is input from an input device such as a card reader. With the electronic information manage- 
ment system 10 of the present embodiment, if the information to be encrypted is once registered, then when the elec- 
tronic information management system 10 is used subsequently, it is not necessary to reinput the information to be 
encrypted. 

[0066] The encrypt module 56 executes encryption processing of the input information to be encrypted. The encrypt- 
ing of the information to be encrypted utilizes known techniques such as DES (Data Encryption Standard). For example, 
this is implemented by sequentially changing respective elements of the information to be encrypted, based on the 
encrypt key. 

[0067] The encrypted information registration module 58 executes processing to register encrypted information and 
25 the like in the encrypted information data base 22. 

[0068] The setting information registration module 60 executes processing to register a set user environment, back- 
ground image, contents tool, mesh setting information and the like in the setting information data base 24. 
[0069] The image password use processing section 70 executes sequential processing (referred to hereunder as 
image password use processing) for carrying out access authorization to the electronic information, based on the input 
30 image password. The image password use processing section 70 comprises; a user name input module 72, an image 
and mesh display module 74, an image password input module 76, an image password judgment module 78, an 
encrypted information decoding module 80, and an information to be encrypted output module 82'. 
[0070] The image and mesh display module 74 operates as an image display device, and performs an image display 
step/function. Furthermore, the image password input module 76 operates as an image specifying device and a pass- 
es word generating device, and performs an image specifying step/function and a password generating step/function. 
Moreover, the image password judment module 78 operates as an access authorisation device, for performing an 
access authorisation step or function. 

[0071] The user name input module 72 executes input processing for the user name. That is to say. input of the user 
name set in the initial registration processing is carried out. The user name may be selected by the user from ah already 

40 set user name list, or may be input directly from an input device such as a keyboard. 

[0072] The image and mesh display module 74 executes the processing for displaying the image corresponding to 
the input user name (referred to as the background image and/or the contents tool, and similarly hereunder) and the 
mesh. The image and the mesh to be displayed are those which are set in the initial registration processing. Display 
or non-display of the mesh may be made optionally selectable for the user. 

45 [0073] The image password input module 76 executes input processing of the image password. That is to say, ex- 
ecutes processing for severally specifying the specific parts or the structural elements of the displayed image. The 
specific parts or structural elements of the specified image are rearranged numerically in a specified sequence, and 
for example stored in memory. Now with the image password input module 76, the color or the pattern of the specified 
rectangular region of the background image on which the mesh is superimposed can be changed to clearly define the 

so rectangular region which is specified by the user. 

[0074] Tne image password judgment module 78 executes judgment processing as to whether or not the input image 
password matches the image password set in the initial registration processing. Only when it is judged that the image 
passwords match, are the encrypted information decoding module 80 to be described later and the information to be 
encrypted output module 82 activated. 

[0075] The encrypted information decoding module 80 executes processing for decoding the encrypted information 
registered in the encrypted information data base 22. 

[0076] The information to be encrypted output module 82 executes processing for displaying the decoded information 
to be encrypted, or for outputting to the outside. At this time, based on the set information recorded in the setting 
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information data base 24, the user can decide on the browser to use and the address of the transmission destination 
to which the information to be encrypted is to be sent. 

[0077] The additional registration processing section 90 executes processing to add other information to be encrypted 
(referred to hereunder as additional registration processing) in addition to the information to be encrypted which is 
s input in the initial registration processing. 

[0078] The modification processing section 100 executes processing for modifying the background image, the con- 
tents tool, the image password, and the information to be encrypted etc. , which is set in the initial registration processing 
(referred to hereunder as modification processing). 

[0079] Next is a description of the operation of the electronic information management system 1 0 of such a construc- 
10 tion, with reference to the flow charts and various diagrams of FIG. 2 through FIG. 15. 
[0080] FIG. 2 is a flowchart illustrating the initial registration processing. 

[0081] In step 1 (referred to as S1 in the figure, with subsequent steps denoted similarly) the user environment is 
input. That is to say, through the function of the user environment setting module 42, a user environment input screen 
110 such as shown in FIG. 3 is displayed. The user environment input screen 110 comprises; an input frame 112 for 
15 input of the user's name, some menu (radio) buttons 114 (114a - 114e) for setting the item to be used, an OK button 
116, and a cancel button 118. After inputting the user's name and setting the item to be used, the OK button 116 is 
pressed and control proceeds to step 2. On the other hand, if the cancel button 118 is pressed, the initial registration 
processing is terminated. 

[0082] In step 2 through step 4, the image is set. That is to say, through the function of the background image setting 

20 module 44 and the contents tool setting module 46, an image setting screen 1 20 such as shown in FIG. 4 is displayed. 
The image setting screen 120 comprises; a background image selection box 122, a contents tool selection box 124, 
a background image registration section 126, a tool registration section 128, an OK button 130, a cancel button 132, 
and a previous screen button 1 34. Displayed on the background image selection box 1 22 is a list of previously registered 
background images, and the desired background image is selected from this list. In the contents tool selection box 1 24 

25 is displayed a list of various contents tools such as shown for example in FIG. 5, and the desired contents tool is 
selected from this list. Now included in the list of contents tools is a selection branch which stops selection of the 
contents tools, that is to say stops display of the contents tools. In the background image registration section 126 is 
displayed the selected background image. In the tool registration section 128 is displayed the selected contents tools. 
Consequently, by viewing the images displayed in the background image registration section 126 and in the tool reg- 

30 istration section 128, the screen construction for inputting the image password can be confirmed. 

[0083] After selecting the background image (S2) and selecting the contents tools (S3, S4) the OK button 130 is 
pressed and control proceeds to step 5. On the other hand, if the cancel button 1 32 is pressed, the initial registration 
processing is terminated. Moreover, if the previous screen button 134 is pressed, control returns to step 1 , and the 
user environment setting screen 110 is displayed. 

35 [0O84] In step 2 and step 4 wherein image setting is carried out, a plurality of background images and a plurality of 
contents tools may be set. In this case, the screen construction may be set automatically according to the setting 
sequence, or, a layout function may be provided so that a user can set the screen construction. 
[0085] In step 5, the mesh to be superimposed on the background image is set. That is to say, through the function 
of the mesh setting module 48, a mesh setting screen 140 such as shown in FIG. 6 is displayed. The mesh setting 

40 screen 1 40 comprises; a mesh selection box 142, a display color selection box 1 44, a background image registration 
section 1 46, a tool registration section 1 48, an OK button 1 50, a cancel button 1 52, and a previous screen button 1 54. 
In the mesh selection box 142 is displayed a list of the mesh sizes (the number of rectangular horizontal and vertical 
regions), and the desired size is selected from this list. In the display color selection box 1 44 is displayed a list of colors 
for the mesh displayed on the background image, and the desired color is selected from this list. In the background 

45 image display section 146 is displayed the background image and the mesh. In the tool registration section 148 is 
displayed the contents tool set in the image selection screen 1 20. 

[0O86] After setting the mesh size and the display color, the OK button 1 50 is pressed and control proceeds to step 
6. On the other hand, if the cancel button 152 is pressed, the initial registration processing is terminated. Moreover, if 
the previous screen button 154 is pressed, control returns to step 2, and the image setting screen 120 is displayed. 

50 [0087] In step 6, the image password is set. That is to say, through the function of the image password setting module 
50, an image password setting screen 160 such as shown in FIG. 7 is displayed. The image password setting screen 
160 comprises; a number of digits selection box 162, a setting status display section 164, a background image regis- 
tration section 166, a tool registration section 168, an OK button 170, a cancel button 172, and a previous screen 
button 1 74. In the number of digits selection box 1 62 is displayed a list of the number of digits for the image password, 

55 and the desired number of digits is selected from this list. In the setting status display section 164 is displayed various 
elements and a setting sequence for the image password set by processing to be described later. With the background 
image registration section 166 and the tool registration section 168, since these are the same as the background image 
registration section 146 and the tool registration section 148 in the beforementioned mesh selection screen 14-0, de- 
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scription thereof will be omitted. 

[0088] In the case of setting the image password, after setting the number of digits for the image password, a specific 
part of the background image or the contents tool is specified with a pointing device. Once this is done, the color of 
the specified rectangular region of the background image and the constituent element of the contents tool is changed, 

5 and the specified rectangular region or the constituent element is displayed according to the specified sequence on 
the setting status display section 164. Now in FIG. 7, the condition is shown where the number of digits for the image 
password is set to "6", keys "3", "8", "4", "0" are specified from the ten keys of the contents tool, and the rectangular 
region of the background image seventh from the left and third from the bottom (represented hereunder by coordinate 
data (7, 3), and similarly in the following) is specified. After setting the image password, the OK button 170 is pressed 

io and control proceeds to step 7. On the other hand, if the cancel button 1 72 is pressed, the initial registration processing 
is terminated. Moreover, if the previous screen button 174 is pressed, control returns to step 5, and the mesh setting 
screen 140 is displayed. 

[0089] In step 7, selection is made as to whether or not to use transition images. That is to say, selection is made 
as to whether or not to display the images one by one in a hierarchical structure. Then in the case where transition 

15 images are used, control proceeds to step 8 (YES), to create transition informatbn for displaying transition images, 
and this transition information is registered in the setting information data base 24. After this, control returns to step 2, 
and the processing of step 2 and thereafter is repeated. On the other hand, in the case where transition images are 
not used (also including the case where image setting processing is finished), control proceeds to step 9 (NO). 
[0090] In step 9, creation of the encrypt key is carried out. That is to say, the encrypt key is created through the 

20 function of the encrypt key creation module 52, based on the image password set in step 6. 

[0091] In step 10, the information to be encrypted is input To explain for the case where the information to be en- 
crypted on an IC card is input, at first the IC card is inserted into the card reader. Once this is done, the information to 
be encrypted which is registered on the IC card is read by the card reader reading section. 

[0092] In step 11, encryption of the information to be encrypted and creation of the image encryption solution are 
2S carried out. That is to say, the information to be encrypted is encrypted based on the encrypt key created in step 9. 
[0093] To explain an example of an encryption algorithm, for example, it is assumed that in step 6, the background 
image is specified in the order of coordinate data (1,2), (3, 8), (7, 8), and (10, 2). The encryption is carried out by 
means of a DES computational formula, by for example initially replacing x with y, and then replacing y with x, based 
on various values of x and y for the coordinate data (x, y). For example, if the information to be encrypted is "1234" 
30 then the encryption is carried out in the following manner. 



(1) 


Information to be encrypted 


1234 


(2) 


(1,2): replace 1 with 2 


2234 


(3) 


(3, 8) : replace 8 with 3 ( no replacement) 


2234 


(4) 


(7,8) : replace 7 with 8 ( no replacement) 


2234 


(5) 


(10, 2) : replace 2 with 0 


0034 



[0094] With this encryption, the encrypted information becomes '0034°. At this time, since the encrypted information 
40 only involves replacement of the elements of the information to be encrypted, the data quantity does not change. 

[0095] Moreover, the image encryption solution is the encryption solution which is used at the time of decoding the 
encrypted information. More specifically it is a value for where the encrypted information is subtracted from the infor- 
mation to be encrypted. With the above example, the image encryption solution is obtained as follows. 

45 Image encryption solution = (information to be encrypted) - (encrypted information) 

= 1234-0034 
= 1200 

[0096] In step 12, the encrypted information and the image encryption solution are registered in the encrypted infor- 
so mation data base 22. 

[0097] !r. ctcp 13, various setting information which is set or createa in step 1 through step 8. is registered in the 
setting information data base 24. 

[0098] With the above described processing in step 1 through step 13, the various information as shown in FIG. 8 
is registered in the encrypted information data base 22 and the setting information data base 24. That is to say, as 
55 shown in FIG. 8 (A), the user code, the image encryption solution, the encrypted information, the previous use address 
etc. is registered in the encrypted information data base 22. For the user code is set a code for identifying the user 
who executed the initial registration processing. In the previous use address is set the address of the transmission 
destination to which the information to be encrypted is sent in the image password use processing. 
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[0099] Furthermore, as shown in FIG. 8 (B), the user code, the user name, the background image code, the contents 
tool code, the transition information code, the use environment code, etc. are registered in the setting information data 
base 24. For the user code : as with the user code for the encrypted information data base 22. is set a code for identifying 
the user who executed the initial registration processing. For the background image code is set at least one code for 

5 identifying the background image. For the contents tool code is set at least one code for identifying the contents tool. 
Now in the case where the contents tool is not used, then needless to say it is not necessary to set anything for the 
contents tool code. For the transition information code is set information for using the transition image, more specifically, 
a code for identifying the transition information created in step 8. For the use environment code is set a code for 
identifying for example the utilized browser set in step 1 . 

10 [0100] FIG. 9 is a flow chart illustrating image password use processing. 

[0101] In step 20, input of the user name is carried out. That is to say, through the function of the user name input 
module 72, a user name input screen 180 such as shown in FIG. 10 is displayed. The user name input screen 180 
comprises; a user name selection box 182, an OK button 134, and a cancel button 186. In the user name selection 
box 1 82 is displayed a list of user names set in the initial user registration processing, and the user selects his/her own 

15 name from amongst this list. Then, after selecting the user name, the OK button 184 is pressed and control proceeds 
to step 21. On the other hand, if the cancel button 186 is pressed, image password use processing is terminated. 
[0102] In step 21 , display of the image and mesh is carried out. That is to say, through the function of the image and 
mesh display module 74 and the image password input module 76, an image password input screen 190 such as 
shown in FIG. 11 is displayed. The image password input screen 1 90 comprises; an image display section 192, a mesh 

20 display/not display selection section 194, a receptbn status display section 196, an OK button 198, a cancel button 
200, and a previous screen button 202. Displayed in the image display section 1 92 is a background image and a 
contents tool which are registered in the setting information data base 24. Now in the case where the contents tool is 
not set, needless to say the contents tool is not d isplayed. The mesh display/not display selection section 1 94 comprises 
radio buttons 194a, 194b, for specifying mesh display (ON) or no mesh display (OFF). Pressing the radio buttons 194a, 

25 194b switches between mesh ON and mesh OFF. Displayed in the reception status display section 196 is the input 
status of the image password. 

[01 03] In step 22 input of the image password is carried out. That is to say, the image password is input by specifying 
with a pointing device a specific part of the image displayed in the image display section 1 92. A proviso is that the input 
of the image password must be carried out according to the specific parts and the specified sequence, set in the initial 
30 registration processing. 

[0104] On completion of input of the image password for the image being displayed, the OK button 198 is pressed 
and control proceeds to step 23. On the other hand, if the cancel button 200 is pressed, image password use processing 
is terminated. Moreover, if the previous screen button 202 is pressed, control returns to step 20, and the user name 
input screen 180 is displayed. 

35 [0105] In step 23, judgment is made as to whether or not the input image password matches the image password 
set by the initial registration processing. If judged that the image passwords match, control proceeds to step 24 (YES), 
while if the image passwords do not match, control proceeds to step 28 (NO). 

[0106] In step 24, judgment is made as to whether or not there is a transition image. That is to say, by referring to 
the transition information code of the setting information data base 24, it is judged if setting for the transition image 
40 has been carried out. In the case of a transition image, control proceeds to step 25 (YES), and the transition information 
identified by the transitbn information code is acquired, after which control returns to step 21. On the other hand, in 
the case of no transition image, control proceeds to step 26 (NO). 

[0107] In this way, by judging for the presence of the transition image, then the images of a hierarchical structure 
are displayed one by one in accordance with the specific part and specified sequence of the specified images : and 
45 input of the image password is carried out for the displayed respective images. Consequently, with deepening of the 
hierarchical structure, the input points for the image password increase so that a strong security is ensured. In this 
case : since the image password is memorized as an image, then even if the hierarchical structure is deepened, the 
possibility of forgetting the image password is minimal. 

[0108] For example, with the image shown in FIG. 11 , the case can be considered where after inputting ones date 
so of birth from the ten keys of the contents tool, an image password specifying th« h»nk is s e t from the background 
image. Then, in the case where the transition image as shown in FIG. 12 is displayed, an image password specifying 
the window and the reception lady can be set. That is to say the sequential specifying operation can be grasped as a 
story type image, and this image stored. In this case, for a third person, it is not possible to conjecture which image 
password is set for the displayed image, and hence an extremely strong security is ensured. 
55 [0109] In step 26, the encrypted information is decoded. That is to say, the encrypted information registered in the 
encrypted information data base 22 is decoded by means of an image encryption solution. In the abovementioned 
example, the encrypted information is "0034" and the image encryption solution is "1200" and hence by adding both 
of these this is decoded to the information to be encrypted "1234". 
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[0110] In step 27, the decoded information to be encrypted is displayed, or the information to be encrypted is output 
to the outside. At this time, a browser to be used can be prepared based on the use environment registered in the 
setting information data base 24, and a host for the transmission destination specified based on the previous use 
address registered in the encrypted information data base 22. 
5 [0111] In step 28, processing for the case where the image passwords do not match is carried out. That is to say, an 
error message to the effect that the image passwords do not match is displayed. 

[0112] With the processing for the above described step 20 through step 28, by inputting the image password, access 
to the electronic information is authorized. After this, the decoding of the encrypted information is carried out and access 
to the electronic information is executed. 

70 [0113] FIG. 13 is a flow chart illustrating additional registration processing. With the flow chart shown in FIG. 13, the 
processing of step 30 through step 35, and step 41 is the same as the processing tor step 20 through step 25 and step 
28 for the image password use processing shown in FIG. 9. Furthermore, the processing of step 36 through step 40 
is the same as the processing of step 9 through step 13 for the initial registration processing shown in FIG. 2. Conse- 
quently, in the following description, only an outline of this processing is given, and the appropriate sections should be 

15 referred to for details. 

[0114] In step 30, input of the user name is carried out. 
[0115] In step 31 , display of the image and mesh is carried out. 
[0116] In step 32, input of the image password is carried out. 

[0117] In step 33, judgment is made as to whether or not the input image password matches the image password 
20 registered in the initial registration processing. If the image passwords match, control proceeds to step 34 (YES), while 
if they do not match control proceeds to step 41 (NO). 

[0118] In step 34, judgment is made as to whether or not there is a transition image. If there is a transition image, 
control proceeds to step 35 (YES), while if not, control proceeds to step 36 (NO). 

[0119] In step 35, the transition information identified by the transition information code registered in the setting 
25 information data base 24 is acquired. 

[0120] In step 36, creation of the encrypt key is carried out. 
[0121] In step 37, the information to be encrypted is input. 

[0122] In step 38, encryption of the information to be encrypted and creation of the image encryption solution are 
carried out. 

30 [0123] In step 39, the encrypted information and the image encryption solution are registered in the encrypted infor- 
mation data base 22. 

[0124] In step 40, the various setting information set or created in step 30 through step 35 is registered in the setting 
information data base 24. 

[0125] In step 41 , an error message to the effect that the image passwords do not match is displayed. 

35 [0126] With the processing of step 30 through step 41 as described above, only when the input image password 
matches the set image password, is additional registration of the information to be encrypted possible. Furthermore, 
when the information to be encrypted is input, this is encrypted by means of the encrypt key created based on the 
image password, and additionally registered in the encrypted information data base 22. The information to be encrypted 
registered in the encrypted information data base 22 is severally registered with respect to the same user code and 

40 image encryption solution as shown in FIG. 14. In this way a plurality of encrypted information can be registered with 
respect to one image password. Moreover, since the previous use address is registered for each of the respective 
encrypted information, then at the time of using the encrypted information, it is not necessary to separately set the 
address of the transmission destination to which the information to be encrypted is sent. 

[0127] FIG. 15 is a flow chart illustrating an update processing. With the flowchart shown in FIG. 15, the processing 
45 of step 50 through step 55, and step 69 is the same as the processing of step 20 through step 25 and step 28 for the 
image password use processing shown in FIG. 9. Furthermore, the processing of step 56 through step 68 is the same 
as the processing of step 1 through step 13 for the initial registration processing shown in FIG. 2. Consequently, in the 
following description, only an outline of the processing is given, and the appropriate sections should be referred to for 
details. 

so [0128] In step 50, input of the user name is carried out. 

[0129] In step 51 , display of the image and mesh is carried out. 
[0130] In step 52, input of the image password is carried out. 

[0131] In step 53, judgment is made as to whether or not the input image password matches the image password 
set in the initial registration processing section 70. If the image passwords match, control proceeds to step 54 (YES), 
55 while if they do not match control proceeds to step 69 (NO). 

[0132] In step 54, judgment is made as to whether or not there is a transition image. If there is a transition image, 

control proceeds to step 55 (YES), while if no transition image control proceeds to step 56 (NO). 

[0133] In step 55, the transition information identified by the transition information code registered in the setting 
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Information data base 24 is acquired. 

[01 34] In step 56, the user environment is set. 

[01 35] In step 57 through step 59, the image is set. 

[01 36] In step 60, the mesh which is superimposed on the background image is set. 
5 [01 37] In step 61 , the image password is set. 

[0138] In step 62, selection is made as to whether or not to use transition images. In the case where transition images 
are used, control proceeds to step 63 (YES), while in the case where transmission images are not used, control pro- 
ceeds to step 64 (NO). 

[01 39] in step 63, the transition information for displaying transition images is created, and this transition information 
to is registered in the setting information data base 24. 

[01 40] In step 64, creation of the encrypt key is carried out. 
[0141] In step 65, the information to be encrypted is input. 

[0142] In step 66, encryption of the information to be encrypted and creation of the image encryption solution are 
carried out. 

15 [01 43] In step 67, the encrypted information and the image encryption solution are registered in the encrypted infor- 
mation data base 22. 

[01 44] In step 68, the various setting information set or created in step 56 through step 63 is registered in the setting 
information data base 24. 

[01 45] In step 69, an error message to the effect that the image passwords do not match is displayed. 

20 [0146] With the processing of step 50 through step 69, only when the input image password matches the set image 
password, is updating of the set user environment, the image, the information to be encrypted and so on, possible. 
[0147] Now, in the above described embodiment, the electronic information management system 10 incorporates 
collectively a data base section 20, an initial registration processing section 40, an image password use processing 
section 70, an additional registration processing section 90, and a modification processing section 100. However the 

25 construction is not limited to this. That is to say, with an automatic cash dispensing device of a bank, the automatic 
cash dispensing device function can be sufficiently realized if just the image password use processing section 70 is 
provided. In this case, an image password is used instead of a conventional password using numbers, or together with 
a password using numbers. 

[0148] Next, there will be described an electronic money system wherein electronic money is an object to be man- 
30 aged, as another embodiment of an electronic information management system according to the present invention. 
[0149] The electronic money system comprises an IC card 300, at least one terminal apparatus 310, and a host 
computer 320, as shown in FIG. 16. 

[0150] The IC card 300 which is provided with an I C chip 302 incorporating a CPU and a memory, functions as a 
computer of minimum construction. In the memory is stored a program and information on the electronic money such 
35 as deposit date, payment record and a balance (to be referred to money information hereunder). In future, it can be 
considered that personal information such as insurance data is stored in the memory so that the personal information 
can be used by means of the same IC card. 

[0151] The terminal apparatus 310 comprises a connection apparatus 31 2 (code information reading device), a dis- 
play apparatus 314 (image display device), and an input apparatus 316 (image specifying device). The connection 

40 apparatus 312 is constituted of such as a card reader or an EEPROM (Electric Erasable and Programmable Read 
Only Memory) writer, and provides an interface function for electrically connecting the IC card 300 and the terminal 
apparatus 31 0. The display apparatus 314 is constituted of a display such as CRT or LCD, and provides a function for 
displaying various operation statuses. The input apparatus 316, e.g. provided as a touch panel mounted on a display 
surface of the display apparatus, provides a function for inputting such as an image password for utilizing the electronic 

*s money. 

[0152] The host computer 320 is connected to each terminal apparatus 310 via each communication line 400, and 
comprises a data base section 330 and an image data storage section 340 (image storing device). The data base 
section 330 comprises an encrypted information data base 332 wherein encrypted information or the like is registered, 
and a setting information data base 334 wherein a variety of setting information is registered. In the image data section 
so 340 is stored image data constituting an input screen for the image passwnrH. Here, since the data base section 330 
is same as the data base section 20 in FIG. 1, the details thereof should be referred to the description for the data 
base section 20. 

[0153] When the IC card 300 is inserted into the terminal apparatus 310, the IC chip 302 is electrically connected to 
the input apparatus 316 and the display apparatus 314 via the connection apparatus 312, to thereby constitute a 
55 computer provided with the input apparatus 316 and the display apparatus 314. That is, the IC card 3O0 and the terminal 
apparatus 310 are integrated with each other, and function as the processing function selection section 30, the initial 
registration processing section 40 and the image password use processing section 70 shown in FIG. 1 . However, due 
to the property of electronic money system, the additional registration processing section go and the modification 



12 



BNSDOCID: <EP 09479O8A2_l_> 



EP 0 947 908 A2 



75 



20 



processing section 100 are not necessarily provided. 

[0154] In order to start the use of electronic money, it is required to set a user name and image passwords, in initial 
registration processing. For performing the initial registration processing, the IC card 300 may be inserted into the 
terminal apparatus 310 and then the initial registration processing same as shown in the flow chart of FIG. 2 may be 
s carried out. In the initial registration processing, it is required to add at least a function for recording the code and name 
of a user on the IC chip 302 of the IC card 300. This is because the code and name of the user are code information 
of the lowest demand for certifying the user. 

[0155] Further, the image data taken by the user by means of a digital camera and the like may be used for the image 
data constituting the input screen for the image password. In this case, the terminal apparatus 310 may be provided 
to with an interface for inputting the image prepared by the user, such as a floppy disk drive. 

[0156] Now there will be described a method for actually using the electronic money. First, the deposit processing 
should be made for depositing money in the IC card 300. That is, since in the initial registration processing, the IC card 
300 is merely initialized, the money information indicates "the balance is 0 M . Therefore, the deposit processing should 
be made in the IC card 300. In this embodiment, such a construction that the deposit processing is made in the IC card 
300 via a credit company, is adopted. However, not only construction, but also other constructions for making, for 
example, deposit processing by currency or the deposit processing from the account of a bank, may be adopted.' 
[0157] The deposit processing is made according to the flow chart of FIG. 17. The same processing as the image 
password use processing (refer to FIG. 9) will be described briefly. 

[0158] In step 70, when the IC card 300 is inserted into the terminal apparatus 31 0, the code and name of the user 
stored in the IC chip 302 are read in the host computer 320 via the terminal apparatus 310 and the communication line 
400. Then, in the host computer 320, the image data and the like constituting the input screen for the image password 
are searched based on the code of the user and the like, and the search result is returned to the terminal apparatus 
310. That is, by inserting the IC card 300, input of the user name has been carried out. This processing corresponds 
to the code information reading device, code information reading step and code information reading function. 
25 [0159] In step 71, display of the image and mesh is carried out. 
[0160] In step 72, input of the image password is carried out. 

[0161] In step 73, judgment is made as to whether or not the input image password matches the image password 
set by the initial registration processing. If the image passwords match, control proceeds to step 74 (YES), while if the 
image passwords do not match, control proceeds to step 79 (NO). 

[0162] In step 74, judgment is made as to whether or not there is a transition image. In the case of a transition image, 
control proceeds to step 75 (YES). On the other hand, in the case of no transition image, control proceeds to step 76 
(NO). 

[0163] In step 75, transition information identified by transition information code registered in the setting information 
data base 334 is acquired. 

[0164] In step 76, an amount of money to be deposited in the IC card 300 is input. Since the amount of money is 
merely input in the same operation as in the ATM system of bank and the like, the detailed description thereof is omitted. 
Further, in view of safety, it may be constituted to limit the amount of money to be deposited in one operation. 
[0165] In step 77, the encrypted information is. decoded. 

[0166] In step 78, certification of the user (access authorization) is carried out in the terminal apparatus 310 based 
on the decoded information to be encrypted, and a predetermined amount of money is deposited in the IC card 300 
from the credit company. This processing corresponds to access authorization device. Further, certification of the user 
may be carried out on the IC card 300. In this case, the security can be further improved. 
[0167] In step 79, processing for the case where the image passwords do not match is carried out. 
[0168] For making payment for an amount of goods purchased from a store and the like in electronic money, the IC 
card 300 is inserted into the terminal apparatus 310 provided in the store and the like when the user purchases goods. 
Then, alter confirming the amount to be deposited displayed on the terminal apparatus 31 0, the user pushes down a 
"payment button", and the electronic money is paid from the IC card 300. Simultaneously with this, money information 
stored in the I C card 300 is added and updated. 

[0169] Further, when the electronic money is paid, in order to certify the user the construction may be such that the 
image password is input. If it is difficult to provide the terminal apparatus 310 in each store dn* tn a problem of cost, 
a compact terminal dedicated to payment may be provided. 

[0170] In the electronic money system mentioned above, the currency is not actually transferred between the user 
and the store, instead, electronic information named electronic money is transferred so that the payment of the amount 
of goods purchased is made. Then, the amount of goods purchased is actually paid to the store by the credit company 
55 in place of the user. 

[0171] In the present embodiment, the image data constituting the input screen for the image password is stored in 
the image data storage section 340 of the host computer 320, however, the image data may be stored in dispersion 
in each terminal apparatus 31 0. If the memory capacity of the IC chip 302 is large, the image data may be stored on 
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the IC chip 302 utilizing the image compression technique. In this case, the IC chip 302 corresponds to storage device. 
[0172] Further, if the electronic money system is used in a local area, the electronic money system may be constructed 
by the IC card 300 and the terminal apparatus 310. In this case, the data base section 330 and the image data storage 
section 340 should be provided in the terminal apparatus 310 or the IC card 300. 
s [0173] Security or access authorization of such as mobile PC, Internet TV, game machine, home security and ATM 
system can be considered as other applications of the electronic information management system of the present in- 
vention. 

[0174] If a program for realizing such a function is recorded on a portable medium such as a magnetic tape, magnetic 
disc, magnetic drum, CD-ROM etc., then the electronic information management program according to the present 
to invention can be distributed in the market. Moreover, a person acquiring such a medium can easily construct an elec- 
tronic information management system using a standard computing system. 



Claims 

75 

1. An electronic information management system comprising: 

a code information reading means for reading code information stored in an I C card; 
an image display means for displaying images; 
20 an image specifying means for specifying specific parts of the respective images displayed by said image 

display means; and 

an access authorization means for authorizing access to electronic information based on the specific parts of 
the respective images specified by said image specifying means, 

said system characterized in that said image display means displays a plurality of images corresponding to 
25 the code information read by said code information reading means 

2. A memory medium comprising: 

a storing means for storing code information and a plurality of images corresponding to the code information; 
30 and an access authorization means for authorizing access to electronic information, 

characterized in that said access authorization means authorizes access to electronic information based on 
information specifying specific parts of the respective images. 

35 3. A terminal apparatus comprising: 

an image storing means for storing a plurality of images corresponding to code information; 
an image display means for displaying the images stored by said image storing means; 
an image specifying means for specifying specific parts of the respective images displayed by said image 
40 display means; and 

an access authorization means for authorizing access to electronic information based on the specific parts of 
the respective images specified by said image specifying means, 

said apparatus characterized in that said image display means severally displays the images. 
45 4. An electronic information management system comprising: 

an image storage means for storing a plurality of images; 

an image display means for displaying the images stored in said image storage means; 
an image specifying means for specifying specific parts of the respective images displayed by said image 
display means; 

a password generating means for generating a password based on the specific parts of the respective images 
specified by said image specifying means; and 

an access authorization means for authorizing access to electronic information based on the password gen- 
erated by said password generating means, 

said system characterized in that said image display means severally displays selectively the images stored 
in said image storage means. 

5. An electronic information management system according to claim 4, wherein said image display means severally 



14 



so 



55 



BNSDCCID: <EP 0947908A2J_> 



EP 0 947 908 A2 



10 



displays simultaneously the images. 

6. An electronic information management system according to claim 4, wherein said image display means displays 
the images in a hierarchical structure one after another, in accordance with the specific parts of the images specified 
by said image specifying means. 

7. An electronic information management system according to claim 4, wherein said image specifying means specifies 
specific parts of the image displayed by said image display means by means of rectangular regions which are 
marked out at predetermined spacing. 

8. An electronic information management system according to claim 4, wherein said image specifying means specifies 
the specific parts of the image displayed by said image display means, by means of constituent elements consti- 
tuting the image. 

is 9. An electronic information management method comprising: 

a code information reading step for reading code information stored in an IC card; 
an image display step for displaying images; 

an image specifying step for specifying specific parts of the respective images displayed by said image display 
20 step; and 

an access authorization step for authorizing access to electronic information based on the specific parts of 
the respective images specified by said image specifying step, 

said method characterized in that said image display step displays a plurality of images corresponding to the 
code information read by said code information reading step. 
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10. An electronic information management method comprising: 



an image display step for displaying images; 

an image specifying step for specifying specific parts of the respective images displayed by said image display 
30 step; 

a password generating step for generating a password based on the specific parts of the respective images 
specified by said image specifying step; and 

an access authorization step for authorizing access to electronic information based on the password generated 
by said password generating step, 
35 said method characterized in that said image display step severally displays selectively images from among 

a plurality of images. 

11. An electronic information management method according to claim 10, wherein said image display step severally 
displays simultaneously the images. 



12. An electronic information management method according to claim 10, wherein said image display step displays 
the images in a hierarchical structure one after another, in accordance with the specific parts of the images specified 
by said image specifying step. 

13. A recording medium on which is recorded an electronic information management program having: 

a code information reading function for reading code information stored in a memory medium; 
an image display function for displaying images; 

an image specifying function for specifying specific parts of the respective images displayed by said image 
50 display function; and 

an access authorization function for authorizing access to electronic information based on the specific parts 
of the respective images specified by said image specifying function, 

said recording medium characterized in that said image display function displays a plurality of images corre- 
sponding to the code information read by said code information reading function. 



14. A recording medium on which is recorded an electronic information management program having: 
an image display function for displaying images; 
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an image specifying function for specifying specific parts of the respective images displayed by the image 
display function; 

a password generating function for generating a password based on the specific parts of the respective images 
specified by the image specifying function; and 
5 an access authorization function for authorizing access to electronic information based on the password gen- 

erated by the password generating function, 

said recording medium characterized in that said image display function severally displays images selectively 
from among a plurality of images. 

to 15. A recording medium on which is recorded an electronic information management program according to claim 14, 
wherein said image display function severally displays simultaneously the images. 

16. A recording medium on which is recorded an electronic information management program according to claim 14, 
wherein said image display function displays the images in a hierarchical structure one after another, in accordance 
15 with the specific parts of the images specified by said image specifying function. 



17. An electronic information management system comprising: 



an image display means for displaying images; 
20 an image specifying means for specifying specific parts of the respective images displayed by said image 

display means; and 

an access authorization means for authorizing access to electronic information based on the specific parts of 
the respective images specified by said image specifying means, 

said system characterized in that said image display means displays a plurality of images of different attributes. 

25 

18. An electronic information management system according to claim 17, wherein said images of different attributes 
are constituted of an image indicating a thing and an image indicating a plurality of characters. 



19. An electronic information management system according to claim 17, wherein said images of different attributes 
30 are constituted of an image constituted of a single image, and an image constituted of a plurality of objects. 

20. A recording medium on which is recorded an electronic information management program having: 

an image display function for displaying images; 
35 an image specifying function for specifying specific parts of the respective images displayed by said image 

display function; and 

an access authorization function for authorizing access to electronic information based on the specific parts 
of the respective images specified by said image specifying function, 

said recording medium characterized in that said image display function displays a plurality of images of dif- 
40 ferent attributes. 
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